CN105847062A - Log aggregation method and device - Google Patents
- Publication number
- CN105847062A (application CN201610297447.9A)
- Authority
- CN
- China
- Prior art keywords
- log
- node
- repetition
- length
- linked list
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a log aggregation method and device. The method comprises: according to the type of log generated by a network device, packing the field content of the log that needs to be output into a struct; obtaining the length of the struct after the log is packed and the field content packed in the struct, and querying a linked list according to the length and field content of the struct; if it is determined that a node of the linked list already stores a struct whose length and field content are both identical to those of the log's struct, incrementing the repetition count of the log by 1; and if it is determined that the repetition count of the log is greater than or equal to a preset repetition threshold, outputting the field content of the log that needs to be output and resetting the repetition count of the log. Compared with prior-art methods, the log aggregation method places no restriction on the format or type of logs and is applicable to all kinds of logs, so that logs can be aggregated better and logging performance is optimized.
Description
Technical field
The invention belongs to the field of computer technology, and in particular relates to a log aggregation method and device.
Background
Network devices, systems, service programs and the like all produce an event record, called a log, when they run. Each line of a log records a description of the relevant operation, such as the date, time, user and action. Network devices record a wide variety of logs depending on their field of protection: there are attack logs, which have strong real-time requirements, and there are ordinary traffic detection and traffic record logs. Ordinary traffic record logs are mostly not real-time, but they are indispensable; the session log is one example. A session log records information about the traffic processed by a network security device, mainly including the five-tuple, outgoing interface, incoming interface and similar information. If traffic is heavy, the volume of logs recorded is also huge, and many of these logs are identical. To prevent the same log from being output repeatedly, log aggregation techniques that aggregate duplicate logs have emerged.
Most existing log aggregation techniques compute a hash key from the log type and the valid fields in the log (such as an IP address), and then aggregate the logs in the same linked list according to the result of querying the linked list by that hash key.
However, this aggregation scheme suits only particular log formats or types, for example formats or types that contain fields such as an IP address, which limits the types of log that can be aggregated. Moreover, existing log aggregation techniques output a log only when its repetition count reaches the repetition threshold; if the threshold is not reached, output of the log may be delayed or may never happen.
Summary of the invention
An object of the invention is to provide a log aggregation method that is applicable to logs of every format and type and ensures that logs are output normally.
To achieve this object, the invention provides a log aggregation method and device.
In a first aspect, the invention provides a log aggregation method, comprising:
according to the kind of log generated by a network device, packing the field content of the log that needs to be output into a struct;
obtaining the length of the struct after the log is packed and the field content packed in the struct, and querying a linked list according to the length and field content of the struct;
if it is determined that a node of the linked list already stores a struct whose length and field content are both identical to those of this log's struct, incrementing the repetition count of this log by 1;
if it is determined that the repetition count of this log is greater than or equal to a preset repetition threshold, outputting the field content of this log that needs to be output and resetting the repetition count of this log.
Preferably, the method further comprises:
if it is determined that no node of the linked list stores a struct whose length and field content are both identical to those of this log's struct, creating a new node, storing the struct of this log in the new node, and adding the new node to the linked list.
Preferably, the method further comprises:
if it is determined that, for a node of the linked list, the interval between the current time and the time at which field content was last output is greater than or equal to a preset timeout and the state of the node is idle, checking the repetition count of the log stored in that node;
if it is determined that the repetition count of the log is greater than 0, outputting the field content that needs to be output of the log stored in that node.
Preferably, the method further comprises:
if it is determined that the repetition count of the log is equal to 0, deleting the node.
Preferably, the step of obtaining the length of the struct after the log is packed and the field content packed in the struct, and querying the linked list according to the length and field content of the struct, specifically comprises:
obtaining the length of the struct after the log is packed and the field content packed in the struct;
computing a hash key from the length and field content of the struct;
querying the linked list according to the hash key.
In a second aspect, the invention provides a log aggregation device, comprising:
a structuring module, configured to pack, according to the kind of log generated by a network device, the field content of the log that needs to be output into a struct;
a query module, configured to obtain the length of the struct after the log is packed and the field content packed in the struct, and to query a linked list according to the length and field content of the struct;
a processing module, configured to increment the repetition count of this log by 1 if it is determined that a node of the linked list already stores a struct whose length and field content are both identical to those of this log's struct;
the processing module being further configured to output the field content of this log that needs to be output, and to reset the repetition count of this log, if it is determined that the repetition count of this log is greater than or equal to a preset repetition threshold.
Preferably, the processing module is further configured to create a new node, store the struct of this log in the new node, and add the new node to the linked list, if it is determined that no node of the linked list stores a struct whose length and field content are both identical to those of this log's struct.
Preferably, the processing module is further configured to check the repetition count of the log stored in a node if it is determined that, for that node of the linked list, the interval between the current time and the time at which field content was last output is greater than or equal to a preset timeout and the state of the node is idle;
the processing module is further configured to output the field content that needs to be output of the log stored in that node if it is determined that the repetition count of the log is greater than 0.
Preferably, the processing module is further configured to delete the node if it is determined that the repetition count of the log is equal to 0.
Preferably, the query module is further configured to:
obtain the length of the struct after the log is packed and the field content packed in the struct;
compute a hash key from the length and field content of the struct;
query the linked list according to the hash key.
In the log aggregation method provided by the invention, the log is packed into a struct, the length and content of the struct are then used to search the linked list for duplicate logs, and the log is output when its repetition count exceeds the preset threshold. Compared with the prior art, this places no restriction on the format or type of logs and is applicable to all kinds of logs, so that logs can be aggregated better and logging performance is optimized.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed to describe the embodiments are briefly introduced below. Obviously, the drawings described below are only some examples of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of an embodiment of the log aggregation method provided by the invention;
Fig. 2 is a flow chart of step S102 in Fig. 1;
Fig. 3 is a flow chart of an embodiment of the log aggregation method provided by the invention;
Fig. 4 is a flow chart of a preferred embodiment of the log aggregation method provided by the invention;
Fig. 5 is a schematic structural diagram of an embodiment of the log aggregation device provided by the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
In a first aspect, the invention provides an embodiment of a log aggregation method which, as shown in Fig. 1, comprises:
S101: according to the kind of log generated by a network device, packing the field content of the log that needs to be output into a struct;
S102: obtaining the length of the struct after the log is packed and the field content packed in the struct, and querying a linked list according to the length and field content of the struct;
S103: if it is determined that a node of the linked list already stores a struct whose length and field content are both identical to those of this log's struct, incrementing the repetition count of this log by 1;
S104: if it is determined that the repetition count of this log is greater than or equal to a preset repetition threshold, outputting the field content of this log that needs to be output and resetting the repetition count of this log.
In the log aggregation method provided by the embodiment of the invention, the log is packed into a struct, the length and content of the struct are then used to search the linked list for duplicate logs, and the log is output when its repetition count exceeds the preset threshold. Compared with the prior art, this places no restriction on the format or type of logs and is applicable to all kinds of logs, so that logs can be aggregated better and logging performance is optimized.
In practice, the network device here may be a network security device, and may for example be a router, firewall, IPS (intrusion detection), IDP (intrusion detection and defense), behavior manager, core switch and so on. The preset repetition threshold may be a threshold defined by the user or the system default repetition threshold; the invention does not specifically limit this.
In a specific implementation, the embodiment of the log aggregation method provided by the invention further comprises, after step S103: if it is determined that no node of the linked list stores a struct whose length and field content are both identical to those of this log's struct, creating a new node, storing the struct of this log in the new node, and adding the new node to the linked list.
That is, if traversing the nodes of the linked list finds no stored struct whose length and field content are both identical to those of this log's struct, then either this log is being generated for the first time and has not been stored, or no corresponding record is currently stored because it has been deleted. In that case a new node can be created, the struct of this log stored in it, and the new node added to the linked list; if the network device later generates the same log again, the repetition count of this log is incremented by 1. The log aggregation method provided by the embodiment of the invention can therefore automatically update the nodes of the linked list according to the logs actually seen, and so aggregates logs more effectively.
In a specific implementation, as shown in Fig. 2, step S102 may comprise:
S1021: obtaining the length of the struct after the log is packed and the field content packed in the struct;
S1022: computing a hash key from the length and field content of the struct;
S1023: querying the linked list according to the hash key.
For ease of understanding, the hash table and the hash key are briefly described below. A hash table is a data structure that is accessed directly by key value. That is, it accesses a record by mapping the key value to a position in the table, which speeds up lookup. The mapping function is called the hash function, and the array that holds the records is called the hash table. Given a table M and a function f(key), if for any given key value key, substituting it into the function yields the address in the table of the record containing that key, then the table M is called a hash table and the function f(key) is the hash function.
Therefore, after obtaining the field content packed in the struct, the log aggregation method provided by the embodiment of the invention can compute its hash key and perform the lookup in the linked list according to that hash key, which speeds up the lookup and improves the efficiency of log aggregation. Preferably, the jhash algorithm can be used to compute the hash key of the field content in the struct; other algorithms can also be used, and the invention does not specifically limit this.
In practice, because logs fall into different categories, it is quite possible that a certain log is generated in small numbers and its repetition count never reaches the threshold, so that its output is delayed or never happens and the user cannot obtain the log content in time. To prevent this, as shown in Fig. 3, the log aggregation method provided by the embodiment of the invention further comprises:
S301: if it is determined that, for a node of the linked list, the interval between the current time and the time at which field content was last output is greater than or equal to a preset timeout and the state of the node is idle, checking the repetition count of the log stored in that node;
S302: if it is determined that the repetition count of the log is greater than 0, outputting the field content that needs to be output of the log stored in that node.
By setting a timeout, the log aggregation method provided by the embodiment of the invention monitors the time of every node in the linked list. When the interval is greater than or equal to the timeout, the stored log is output regardless of whether the repetition count of the log stored in the node has reached the repetition threshold. This avoids the prior-art situation in which output of a log is delayed or never happens because its repetition count does not reach the repetition threshold, and ensures that the user obtains the log content promptly and accurately.
Note that, for a given node, the timeout check here, the linked-list node query of step S103 and the repetition threshold check of S104 never take place at the same time. That is, at any given moment only one of the timeout check, the query or the repetition threshold check can be performed on the node; all three, or any two of them, cannot be carried out simultaneously. However, there is no required order in time among the three; that is, the three operations on the same node are independent of one another and do not affect one another.
It will be understood that, similarly, the timeout here may be a threshold defined by the user or a system default threshold; the invention does not specifically limit this.
In a specific implementation, the log aggregation method provided by the embodiment of the invention further comprises, after step S301: if it is determined that the repetition count of the log is equal to 0, deleting the node.
That is, if the interval between the current time and the time of the last log output for a node has exceeded the timeout, the repetition count of the log stored in the node is checked first. If it is equal to 0, the node holds no log and there is no log content to output, so the node is deleted, which frees memory and saves memory space.
It is easy to understand that the log aggregation method provided by the embodiments of the invention can combine all of the preferred embodiments above; the resulting method is shown in the flow chart of Fig. 4. Since the specific steps of each embodiment have already been described, the combined method embodiment is not described again here.
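The combined flow described above (struct packing, lookup by a key over length and content, repetition threshold, timeout sweep and node deletion), written out as an added C example; it is not code from the patent. The `session_log` fields, all function names, the FNV-1a-style hash standing in for jhash, and the choice that a log's first occurrence counts as 1 are assumptions, and because the code is single-threaded every node is treated as idle during the sweep.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUCKETS 64

struct session_log {       /* S101: constructed record of output fields */
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint8_t  proto, pad[3];  /* explicit pad: no implicit padding bytes */
};

struct node {
    struct node *next;
    size_t len;            /* length of the packed struct */
    unsigned repeats;      /* occurrences not yet output */
    long last_output;      /* time of creation or of the last output */
    unsigned char data[];  /* packed field content */
};

struct aggregator {
    struct node *bucket[BUCKETS];
    unsigned threshold;    /* preset repetition threshold */
    long timeout;          /* preset timeout */
    unsigned nodes;        /* nodes currently linked */
};

/* S1022: key over length and content; FNV-1a style, standing in for jhash. */
static uint32_t hash_key(const unsigned char *p, size_t len)
{
    uint32_t h = (2166136261u ^ (uint32_t)len) * 16777619u;
    for (size_t i = 0; i < len; i++)
        h = (h ^ p[i]) * 16777619u;
    return h;
}

static void output(struct node *n, long now)
{
    printf("log len=%zu count=%u\n", n->len, n->repeats);
    n->repeats = 0;        /* reset after output */
    n->last_output = now;
}

/* S102-S104. Returns 1 if the log was output, 0 if held, -1 on error. */
int agg_submit(struct aggregator *a, const void *data, size_t len, long now)
{
    struct node **head = &a->bucket[hash_key(data, len) % BUCKETS], *n;
    /* The key only selects a list; a match needs equal length AND bytes. */
    for (n = *head; n; n = n->next)
        if (n->len == len && memcmp(n->data, data, len) == 0)
            break;
    if (!n) {              /* no match: create a node and link it in */
        n = calloc(1, sizeof(*n) + len);
        if (!n)
            return -1;
        memcpy(n->data, data, len);
        n->len = len;
        n->last_output = now;
        n->next = *head;
        *head = n;
        a->nodes++;
    }
    n->repeats++;          /* assumption: the first occurrence counts as 1 */
    if (n->repeats < a->threshold)
        return 0;
    output(n, now);
    return 1;
}

/* S301-S302 and node deletion. Returns the number of logs output. */
unsigned agg_sweep(struct aggregator *a, long now)
{
    unsigned flushed = 0;
    for (int i = 0; i < BUCKETS; i++) {
        struct node **pp = &a->bucket[i], *n;
        while ((n = *pp) != NULL) {
            if (now - n->last_output < a->timeout) {
                pp = &n->next;         /* not timed out yet */
            } else if (n->repeats > 0) {
                output(n, now);        /* below threshold but timed out */
                flushed++;
                pp = &n->next;
            } else {
                *pp = n->next;         /* nothing pending: delete node */
                free(n);
                a->nodes--;
            }
        }
    }
    return flushed;
}

int main(void)
{
    struct aggregator a = { .threshold = 3, .timeout = 10 };
    struct session_log s = { 0x0a000001, 0x0a000002, 40000, 443, 6, {0} };
    for (long t = 0; t < 4; t++)       /* 3rd copy is output, 4th is held */
        agg_submit(&a, &s, sizeof(s), t);
    return agg_sweep(&a, 12) == 1 ? 0 : 1; /* timeout outputs the 4th */
}
```

Comparing length and bytes after the hash lookup keeps two different logs that collide on the key from being counted as one, and the explicit `pad` member keeps uninitialized padding from making identical logs compare unequal.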
It should be noted that the examples in the embodiments above are given only to make the method provided by the embodiments of the invention easier to understand, and do not constitute a specific limitation of the invention. The preferred embodiments above do not affect one another, and any scheme obtained by combining the preferred embodiments falls within the scope of protection of the invention.
In a second aspect, the invention provides a log aggregation device which, as shown in Fig. 5, comprises:
a structuring module 501, configured to pack, according to the kind of log generated by a network device, the field content of the log that needs to be output into a struct;
a query module 502, configured to obtain the length of the struct after the log is packed and the field content packed in the struct, and to query a linked list according to the length and field content of the struct;
a processing module 503, configured to increment the repetition count of this log by 1 if it is determined that a node of the linked list already stores a struct whose length and field content are both identical to those of this log's struct;
the processing module 503 being further configured to output the field content of this log that needs to be output, and to reset the repetition count of this log, if it is determined that the repetition count of this log is greater than or equal to a preset repetition threshold.
In a specific implementation, the processing module 503 is further configured to create a new node, store the struct of this log in the new node, and add the new node to the linked list, if it is determined that no node of the linked list stores a struct whose length and field content are both identical to those of this log's struct.
In a specific implementation, the processing module 503 is further configured to check the repetition count of the log stored in a node if it is determined that, for that node of the linked list, the interval between the current time and the time at which field content was last output is greater than or equal to a preset timeout and the state of the node is idle; the processing module is further configured to output the field content that needs to be output of the log stored in that node if it is determined that the repetition count of the log is greater than 0.
In a specific implementation, the processing module 503 is further configured to delete the node if it is determined that the repetition count of the log is equal to 0.
In a specific implementation, the query module 502 is further configured to:
obtain the length of the struct after the log is packed and the field content packed in the struct;
compute a hash key from the length and field content of the struct;
query the linked list according to the hash key.
Because the log aggregation device described in this embodiment is a device that can carry out the log aggregation method of the embodiments of the invention, a person skilled in the art can, on the basis of the log aggregation method described in the embodiments of the invention, understand the specific implementation of the log aggregation device of this embodiment and its variations. How the device implements the log aggregation method of the embodiments of the invention is therefore not described in detail here. Any device that a person skilled in the art uses to implement the log aggregation method of the embodiments of the invention falls within the scope of protection sought by this application.
The device embodiments described above are only schematic. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over several network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of this embodiment. A person of ordinary skill in the art can understand and implement this without creative effort.
From the description of the embodiments above, a person skilled in the art can clearly understand that each embodiment can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware. On this understanding, the technical solution above in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product. This computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the method described in each embodiment or in some parts of an embodiment.
It should be noted that the embodiments above illustrate the invention rather than limit it, and that a person skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words can be interpreted as names.
Finally, it should be noted that the embodiments above are intended only to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of the invention.
Claims (10)
1. a log aggregation method, it is characterised in that including:
According to the kind of the daily record that the network equipment generates, described daily record will need the field of output
Content is encapsulated in structure;
The length of the structure after acquisition daily record is packed, and the word being encapsulated in structure
Section content, length and field contents according to described structure are inquired about in chained list;
If judging to know length and the word having stored the structure with this daily record in the node of chained list
The structure that section content is the most identical, then add 1 by the number of repetition of this daily record;
If judging, the number of repetition knowing this daily record more than or equal to the repetition threshold value preset, then will
This daily record needs the field contents output of output, and the number of repetition of this daily record is reset.
2. the method for claim 1, it is characterised in that described method also includes:
If judging to know length and the word of the structure not have storage and this daily record in the node of chained list
The structure that section content is the most identical, then create new node, store this daily record in described new node
Structure, and by described new node add chained list.
3. the method for claim 1, it is characterised in that described method also includes:
If judge to know the current time node of chained list node and last output field content time
The interval of intermediate node is idle more than or equal to the state of the time-out time preset and present node,
Then judge the number of repetition of the daily record that this node stores;
If judging, the number of repetition knowing described daily record is more than 0, then in the daily record stored by this node
Need the field contents output of output.
4. method as claimed in claim 3, it is characterised in that described method also includes:
If judging, the number of repetition knowing described daily record equal to 0, then deletes this node.
5. the method for claim 1, it is characterised in that described acquisition daily record is packed
The length of structure afterwards, and the field contents being encapsulated in structure, according to described knot
The step that the length of structure body and field contents carry out inquiring about in chained list specifically includes:
The length of the structure after acquisition daily record is packed, and the word being encapsulated in structure
Section content;
Calculate the length of described structure and the hash key word of field contents;
Inquire about in chained list according to described hash key word.
6. A log aggregation device, characterized by comprising:
a structuring module, configured to encapsulate, according to the type of log generated by the network device, the field contents of the log that need to be output in a structure;
a query module, configured to obtain the length of the structure after the log is encapsulated, and the field contents encapsulated in the structure, and to query the linked list according to the length and field contents of the structure;
a processing module, configured to increment the repetition count of this log by 1 if it is determined that a node of the linked list already stores a structure whose length and field contents are both identical to those of the structure of this log;
the processing module being further configured to, if it is determined that the repetition count of this log is greater than or equal to a preset repetition threshold, output the field contents of this log that need to be output and reset the repetition count of this log.
7. The device of claim 6, characterized in that
the processing module is further configured to, if it is determined that no node of the linked list stores a structure whose length and field contents are both identical to those of the structure of this log, create a new node, store the structure of this log in the new node, and add the new node to the linked list.
8. The device of claim 1, characterized in that
the processing module is further configured to, if it is determined that the interval between the current time of a node of the linked list and the time at which field contents were last output is greater than or equal to a preset timeout, and the state of the current node is idle, determine the repetition count of the log stored by that node;
the processing module is further configured to, if it is determined that the repetition count of the log is greater than 0, output the field contents that need to be output from the log stored by that node.
9. The device of claim 8, characterized in that
the processing module is further configured to delete that node if it is determined that the repetition count of the log is equal to 0.
10. The device of claim 6, characterized in that the query module is further configured to:
obtain the length of the structure after the log is encapsulated, and the field contents encapsulated in the structure;
calculate a hash key from the length of the structure and the field contents;
query the linked list according to the hash key.
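The aggregation logic of the method and device claims above, as an added C sketch that is not code from the patent. The function names `log_submit` and `log_sweep`, the values of `REPEAT_THRESHOLD` and `TIMEOUT_SECS`, the FNV-1a hash, outputting a log on its first occurrence, and resetting the count after a timeout flush are all assumptions; the node "idle" state check is omitted because the sketch is single-threaded.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#define REPEAT_THRESHOLD 3  /* assumed value of the preset repetition threshold */
#define TIMEOUT_SECS 10     /* assumed value of the preset timeout */
struct node {
    uint32_t key;           /* hash key over structure length + field contents */
    size_t len;
    unsigned char *rec;     /* copy of the encapsulated log structure */
    unsigned repeats;
    time_t last_out;        /* time field contents were last output */
    struct node *next;
};
static struct node *head;
static uint32_t hash_key(const unsigned char *rec, size_t len) {
    uint32_t h = 2166136261u ^ (uint32_t)len;   /* FNV-1a, an assumed choice */
    for (size_t i = 0; i < len; i++) h = (h ^ rec[i]) * 16777619u;
    return h;
}

/* Returns 1 if this call outputs the log, 0 if it was only counted. */
int log_submit(const void *rec, size_t len, time_t now) {
    uint32_t key = hash_key(rec, len);
    for (struct node *n = head; n; n = n->next) {
        /* the key only narrows the search; length and bytes decide a match */
        if (n->key != key || n->len != len || memcmp(n->rec, rec, len)) continue;
        if (++n->repeats < REPEAT_THRESHOLD) return 0;
        n->repeats = 0; n->last_out = now;  /* threshold reached: output, reset */
        return 1;
    }
    struct node *n = malloc(sizeof *n);     /* no match: new node joins the list */
    if (!n || !(n->rec = malloc(len))) { free(n); return 1; } /* untracked, still output */
    memcpy(n->rec, rec, len);
    n->key = key; n->len = len; n->repeats = 0; n->last_out = now;
    n->next = head; head = n;
    return 1;                               /* assumption: first occurrence is output */
}

/* Timeout pass: returns how many nodes output their pending repeats. */
int log_sweep(time_t now) {
    int out = 0;
    for (struct node **pp = &head; *pp; ) {
        struct node *n = *pp;
        if (now - n->last_out < TIMEOUT_SECS) { pp = &n->next; continue; }
        if (n->repeats > 0) { n->repeats = 0; n->last_out = now; out++; pp = &n->next; }
        else { *pp = n->next; free(n->rec); free(n); }  /* count 0: delete node */
    }
    return out;
}
```

Because a match requires equal length and identical bytes, a hash-key collision cannot merge two different logs into one count. On allocation failure the log is still output rather than dropped, so memory pressure during a flood does not silence events.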
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610297447.9A CN105847062A (en) | 2016-05-06 | 2016-05-06 | Log aggregation method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105847062A (en) | 2016-08-10 |
Family ID=56591462
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610297447.9A Pending CN105847062A (en) | 2016-05-06 | 2016-05-06 | Log aggregation method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105847062A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||